There are plenty of service management tools that support an automated workflow for (non standard) change management. Personally, I have good experience with both Assyst from Axios and HP Service Desk. I cannot believe that an auditor wants to see paperwork when you can have such a powerfull solution in operation.

The auditors I know are far more interested in evidence that the process and whether procedures have been followed rather than a paper signature that says they have. I'd go so far as to say that automation of such things that will not permit you to go any further without the appopriate authorisation are less subject to abuse than a paper based system.

A few electronic systems out there, such as our own, require authenticated logins and ensure that every creation, modification, etc. to any and all data is fully timestamped, traced back to the resource performing the action, and that full history details are kept for detailed audit reviews. In such a case, we have yet to come across a single auditing organization that wouldn't accept the electronic data as the definitive source.

The only time it should be an issue is when there is no history and audit records can't be traced back to fully entitled and authenticated users of the system.

The other thing I recommend (on the assumption that the auditors are internal) is to go to the auditing organization and simply ask "why" they require a manual signature. You might find that this might simply be an antiquated/legacy policy that could easily be updated to match the digital age and more modern practices, especially if you can make auditors' lives easier and provide them with more (and more accurate) information. If the auditors are external, then you may want to question their ability to perform quality audits, because we have some of the biggest auditing firms in the world, here in the US, and they're pretty open to accepting electronic trails.

I think the answers so far have focused on the audit of the processes/procedures.

In my organisation we have auditors for this purpose but also financial audits which are entirely seperate from the service management audits.

The financial auditors prefer to see physical signed copies as they are probably harder to forge but a wider initiative has overrulled them by the introduction of e-filing tool etc which contains an electronic audit trail anyway.

As long as what, who, when and how is recorded it keeps everyone happy. Almost all of the SM tools will have some sort of facility to do this.

get them to define exactly which categories of change require a written signature: keep the scope tight. For only those ones, make one step in the workflow be to print it out and get it signed and file it. For everything else just get on with life._________________The IT Skeptic
see you at itskeptic.org